package com.clj.cloud.authorization_server.config;

import lombok.extern.slf4j.Slf4j;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.clj.cloud.authorization_server.oauth2.granter.MobileAuthenticationProvider;

@Slf4j
@Configuration
@EnableWebSecurity
public class WebServerSecurityConfig extends WebSecurityConfigurerAdapter {

	/*
	 * @Bean
	 * 
	 * @Override protected UserDetailsService userDetailsService(){
	 * InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); //
	 * 创建两个 qq 用户
	 * manager.createUser(User.withUsername("250577914").password("123456"
	 * ).authorities("USER").build());
	 * manager.createUser(User.withUsername("920129126"
	 * ).password("123456").authorities("USER").build()); return manager; }
	 */
	@Autowired
	@Qualifier("userDetailsService")
	private UserDetailsService userDetailsService;

	@Autowired
	@Qualifier("mobileUserDetailsService")
	private UserDetailsService mobileUserDetailsService;

	/**
     * 将 AuthenticationManager 注册为 bean , 方便配置 oauth server 的时候使用
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
	@Bean
	PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// @formatter:off
		http.csrf().disable();
		http.authorizeRequests()
				.antMatchers("/actuator/**")
				.permitAll()
				.anyRequest()
				.authenticated()
				.and()
				.formLogin()
				.permitAll();
				/*.and()
				.httpBasic()
				.disable()
				.exceptionHandling()
				.accessDeniedPage("/login?authorization_error=true")
				.and()
				// TODO: put CSRF protection back into this endpoint
				.csrf()
				.requireCsrfProtectionMatcher(
						new AntPathRequestMatcher("/oauth/authorize"))
				.disable();*/
		// .loginPage("/login")
		// .failureUrl("/login?authentication_error=true")
		// .httpBasic();
		// @formatter:on
	}


	@Override
	protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder)
			throws Exception {
		authenticationManagerBuilder.userDetailsService(userDetailsService)
		.passwordEncoder(passwordEncoder());
		
	}
	
	 /**
     * 创建手机验证码登陆的AuthenticationProvider
     *
     * @return mobileAuthenticationProvider
     */
    @Bean
    public MobileAuthenticationProvider mobileAuthenticationProvider() {
        MobileAuthenticationProvider mobileAuthenticationProvider = new MobileAuthenticationProvider(this.mobileUserDetailsService);
        mobileAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        return mobileAuthenticationProvider;
    }
/*
	@Override
	public void configure(WebSecurity web) throws Exception {
		// TODO Auto-generated method stub
		super.configure(web);
	}
	*/
	
}
